```
## Author: Paul Kölle <pkoelle@gmail.com> (blame me, not Noah)
## OID 1.3.6.1.4.1.15293 Noah Kantrowitz <coderanger@yahoo.com>
## attribute types 1.3.6.1.4.1.15293.x.2.1.x
## objectclasses 1.3.6.1.4.1.15293.x.2.2.x

attributetype ( 1.3.6.1.4.1.15293.1.2.1.1
    NAME 'tracperm'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    DESC 'a trac permission string' )

# dynamic member resolution, depends on dyngroup.schema
# from openldap-2.3 (read the warnings there)
# the provided ldap URL is expanded to a list of DNs,
# most likely groups from which you can get permissions
attributetype ( 1.3.6.1.4.1.15293.1.2.1.2
    NAME 'tracGroupsURL'
    DESC 'resolves to a set of groups a user is member of'
    SUP labeledURI )

# this is the MS AD approach but you
# have to keep the entries in sync with your groups manually
attributetype ( 1.3.6.1.4.1.15293.1.2.1.3
    NAME 'tracMemberOf'
    DESC 'groupDN the entry is a member of'
    SUP member )

# probably not needed, but you could filter on ObjectClass then...
objectClass ( 1.3.6.1.4.1.15293.1.2.2.1
    NAME 'tracUser'
    SUP top AUXILIARY
    MAY ( tracMemberOf $ tracGroupsURL $ tracperm ) )

# kind of a "mixin" can be added to all
# directory objects supposed to hold a trac permission
objectClass ( 1.3.6.1.4.1.15293.1.2.2.2
    NAME 'tracPermission'
    SUP top AUXILIARY
    MAY ( tracperm ) )
```
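Added example, not part of the original schema file: constructed LDIF entries showing how the two auxiliary classes could be attached to ordinary directory entries, with the static `tracMemberOf` approach and the `tracGroupsURL` approach side by side. The DNs under `dc=example,dc=org`, the `groupOfNames` and `inetOrgPerson` structural classes and the permission values are assumptions; whether and how the URL is expanded depends on server configuration that the schema does not show.

```ldif
# Constructed sample data, not from the original file.

# A group that carries Trac permissions through the tracPermission mixin.
dn: cn=wiki-editors,ou=groups,dc=example,dc=org
objectClass: groupOfNames
objectClass: tracPermission
cn: wiki-editors
member: uid=alice,ou=people,dc=example,dc=org
tracperm: WIKI_VIEW
tracperm: WIKI_MODIFY

# Static approach: the user entry names its group directly.
# This value has to be kept in sync with the group's member list by hand.
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: tracUser
uid: alice
cn: Alice Example
sn: Example
tracMemberOf: cn=wiki-editors,ou=groups,dc=example,dc=org
tracperm: TICKET_CREATE

# Dynamic approach: an LDAP URL (base, scope, filter) that selects the
# groups listing this user as a member, instead of a stored group DN.
dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: tracUser
uid: bob
cn: Bob Example
sn: Example
tracGroupsURL: ldap:///ou=groups,dc=example,dc=org??sub?(member=uid=bob,ou=people,dc=example,dc=org)
```

Because these attributes grant application permissions, write access to `tracperm`, `tracMemberOf` and `tracGroupsURL` should be limited to directory administrators in the server's access control rules.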